<?php include 'config.php' /*including the config file*/ ?>
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
  <title><?php echo $title . " Account Creation" ?></title>
</head>

<body>
<!-- input fields for account creation -->
<div align="center"><form action="account.php" method="post">
Account Name:<br /><input type="text" name="account" /><br />
Account Password:<br /><input type="password" name="pass" />   <br />
Verify Password:<br /><input type="password" name="pass2"  /><br />
Email:<br /><input type="text" name="email" /> <br />
<br />
<input type="submit" value="Submit" />
</form></div>
<?php
function accountcheck($str)
{
    $var = preg_match('/[^a-zA-Z]/', $str);
    return $var;
}
function passcheck($str)
{
    $var = preg_match('/[^a-zA-Z0-9]/', $str);
    return $var;
}

//checks if the submit button was clicked
if (isset($_POST['submit']))
    {
            $account = $_POST['account'];
            $acc_pass = $_POST['pass'];
            $acc_pass2 = $_POST['pass2'];
            $email = $_POST['email'];
            $ip = getenv('REMOTE_ADDR');
            $conn = mysql_connect( $logon_host , $logon_user , $logon_pass);
        if (!$conn)
        {
            die('Could not connect :' . mysql_error());
        }
            mysql_select_db($logondb);
                //checks if all the forms were filled
        if (empty($_POST['account']) || empty($_POST['pass']) ||
              empty($_POST['pass2']) || empty($_POST['email']))
        {
            echo "You have not filled the necesary fields.";
        exit;
        }
        $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));
        $acc_pass = mysql_real_escape_string(html_entity_decode(htmlentities($acc_pass)));
        $acc_pass2 = mysql_real_escape_string(html_entity_decode(htmlentities($acc_pass2)));
        $email = mysql_real_escape_string(html_entity_decode(htmlentities($email)));

        if (accountcheck($account) == 1)
            {
                die ("Account name contains invalid characters!");
            }
        elseif (passcheck($acc_pass) == 1)
            {
                die ("Your password contains invalid characters!");
            }
        elseif (passcheck($acc_pass2) == 1)
            {
                die ("Your password contains invalid characters!");
            }

    if($acc_pass != $acc_pass2) //checks if both passwords are the same
        {
            echo "Sorry, the provided passwords do not match!";
        exit;
        }      //defined the query that needs to be executed
$query = "INSERT INTO `accounts` (login, password, gm, banned, lastip, email, flags)
           VALUES ('$account', '$acc_pass', '0', '0', '$ip', '$email', '8')";
$result = mysql_query($query);//defined the result
if(!$result)  //if result is not succesfull
        {
        echo "Sorry, your account could not be created " . mysql_error();
        }
        else
        {               //if it is
        echo "Welcome " . $account . "You have succesfully created an account";
        }
mysql_close($conn); //close the conection
}

?>
</body>
</html>